CVE-2004-0203

Опубликовано: 23 нояб. 2004

Источник: nvd

CVSS2: 4.3

EPSS Средний

Описание

Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.

Ссылки

http://www.kb.cert.org/vuls/id/948750
Third Party Advisory
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-026
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16583
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2016
Third Party Advisory
http://www.kb.cert.org/vuls/id/948750
Third Party Advisory
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-026
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16583
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2016
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:exchange_server:5.5:-:*:*:*:*:*:*

cpe:2.3:a:microsoft:exchange_server:5.5:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:exchange_server:5.5:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:exchange_server:5.5:sp3:*:*:*:*:*:*

cpe:2.3:a:microsoft:exchange_server:5.5:sp4:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.25669

Средний

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-8ghp-mgj8-vqhc

github

почти 4 года назад